Cook is quoted as saying that “iCloud accounts were compromised when hackers correctly answered security questions to obtain their passwords, or when they were victimized by a phishing scam to obtain user IDs and passwords.” I’ve pointed out several times on this blog some of the well-crafted phishing emails that target Apple and iCloud users, and it’s certainly possible that some of these were the vector by which these accounts were accessed.

Cook also told the Wall Street Journal that “Apple will alert users via email and push notifications when someone tries to change an account password, restore iCloud data to a new device, or when a device logs into an account for the first time.”

That’s all well and good, but what about this scenario: someone changes your account password, you get an alert, but by then you’re locked out of your account, because the password has been changed. How will Apple deal with that? What is the streamlined procedure for getting your account back, or at least getting it locked? This needs to be bulletproof, so no one can lock an account belonging to someone else. One of the problems with this type of security is that all your authentications occur electronically. You cannot, say, go into a local Apple Store and prove your identity with a photo ID and signature. (And many of us don’t have local Apple Stores anyway.) So it’s entirely likely that this new procedure won’t help much in that case. It will alert you that something has happened, but my experience with Apple ID support is that they take a long time, and if an attacker has changed the security questions, you can effectively no longer prove you own the account.

The article goes on: “He also said that Apple will broaden its use of an enhanced security system known as “two-factor authentication,” which requires a user, or a hacker, to have two of three things to access an account: a password, a separate four-digit one-time code, or a long access key given to the user when they signed up for the service.”

There is a problem with that as well. If you only have one device, you can’t use a second to authorize a change to an account, as you can do currently for iCloud Keychain. If your device is lost or stolen, then you cannot easily block your account, or even set up a new account. As for that long access key, those of us who use a password manager will have stored it safely, but how will other people keep it? On a Post-it? In an insecure note on their device?

The problem with all these methods is that they are too complicated for most users. I once went to Apple’s website to turn on two-factor authentication, and I admit that even I was daunted by the company’s explanations of the process, and the scary messages they give saying how, if you lose the long access key, you may never be able to access your account again.

All this security is essential, but it needs to be re-thought. These procedures are complicated and confusing to average users, and they shouldn’t be. There will always be a trade-off between security and usability, and as more of our data goes into the cloud, companies need to come up with better ways to ensure its security.


3 Comments

I’ve seen people recommend that you use nonsense responses for all security questions, which isn’t a bad idea but essentially makes the security question an additional password you have to remember on the account. I sometimes wonder whether all this emphasis on password strength isn’t counterproductive. It makes passwords easier to forget, which necessitates attack vectors like the security questions or complexity like two-factor authentication. Not to mention that the requirement to frequently change your passwords is nonsense — either a password has been compromised, or it hasn’t. If it has, then the damage has likely already been done. If it hasn’t, then changing it accomplishes nothing. But IT policies force you to change it every 3 months, so you have no chance of remembering it and have to use less secure means of keeping track.

I admit I know nothing about the history of hacking user passwords, but certainly recent events make it seem as though phishing scams or hacking the repositories (Target, etc.) are far more likely occurrences than a hacker randomly inputting your username/password combination to gain access to a particular site. It doesn’t matter how complex your password is if they’re getting it by accessing a password database or by resetting it. And I suppose the evidence would be anecdotal by nature on something like this, but is it really that common for someone whose password was stolen on one site to be compromised on other sites?

Maybe we should all go back to using the same easy-to-remember password for everything? (I realize this is heresy.)

Many of us fear that if we somehow forget whatever details we give Apple we will be locked out, and whatever avenue they give us to unlock or get a new password may not work, especially when we are using a few Apple products or separate HDDs.

The push notification they are implementing should be in real time, and if that is the case it may have a good chance of succeeding. This notification should also be sent whenever someone, or even we ourselves, request a change in the password. More importantly, when someone is trying to reset a password through their live support service.

I too wish Apple would do significantly more in this realm. I wish they’d hire me, because I have a TON of ideas I’d like to see realized! ;)

When OS X introduced the Keychain I was elated. I really thought it could/would serve a much greater role in our everyday computing lives than Apple has come to allow it. Prior to the iPhone, when there was only OS X, a system-wide password manager was rather useless; but having a repository, ala 1Password, to store sensitive data was a godsend when dealing with my clients who often could not remember (or never bothered to try to remember) various passwords. Since the iPhone and the dramatic surge of Apple-ecosystem-only users it has created, Apple’s inaction is more baffling. Keychain Syncing is well and good, as is the password suggestion feature of Safari, but without a more user friendly UI/UX to the system, it otherwise goes largely unused. And that is shameful, especially in light of the price of 1Password (not to their discredit, instead to me it shows the benefit of its utility!). On top of that, Apple has in more recent versions of OS X and Safari begun to “hide” how the information is stored behind hashes and tokens, so even IF users use the feature, they can’t rely on getting the information back out when they forget.

In my experience, Apple’s market demographic is dramatically bifurcating: many young users and a growing number of older users, many of whom have a very long history with Apple. These folks just simply CANNOT remember the sheer AVALANCHE of passwords, PIN numbers, credit card numbers, 2-factors…etc. that they’re being inundated with. Arguably (and to take a dig at Hollywood celebrity culture) it seems neither can the “luminaries” of stage and screen. That Apple has not done a better job of looking at this problem through the eyes of a 70 year old woman who has been an Apple customer for 30 years, has an iMac, an iPhone, and an iPad, and is now scared to use iCloud and wants to disable it thanks to this latest snafu disheartens me. It rather tells me that Apple not only doesn’t actually recognize its cash cow, but further prefers to ignore it to the point of neglect. (And don’t get me started on iOS’s and Mac OS X’s design paradigm shift versus aging eyes…jeesh, talk about ignoring their users!)